-
Cisco IOS IPv6 Configuration Library
-
Start Here: Cisco IOS Software Release Specifics for IPv6 Features
-
Implementing IPv6 Addressing and Basic Connectivity
-
Implementing ADSL and Deploying Dial Access for IPv6
-
Implementing Multiprotocol BGP for IPv6
-
Implementing DHCP for IPv6
-
Implementing EIGRP for IPv6
-
Configuring First Hop Redundancy Protocols in IPv6
-
Implementing IPSec in IPv6
-
Implementing IS-IS for IPv6
-
Managing Cisco IOS Applications over IPv6
-
Implementing Mobile IPv6
-
Implementing IPv6 over MPLS
-
Implementing IPv6 VPN over MPLS (6VPE)
-
Implementing IPv6 Multicast
-
Implementing NAT-PT for IPv6
-
Implementing NetFlow for IPv6
-
Implementing OSPF for IPv6
-
Implementing Policy-Based Routing for IPv6
-
Implementing QoS for IPv6
-
Implementing RIP for IPv6
-
Implementing Static Routes for IPv6
-
Implementing Traffic Filters and Firewalls for IPv6 Security
-
Implementing Tunneling for IPv6
-
Table Of Contents
Prerequisites for Implementing NetFlow for IPv6
Information About Implementing NetFlow for IPv6
How to Implement NetFlow for IPv6
Configuring an Aggregation Cache
Configuring a NetFlow Minimum Prefix Mask for Router-Based Aggregation
Configuring the Minimum Mask of a Prefix Aggregation Scheme
Configuring the Minimum Mask of a Destination-Prefix Aggregation Scheme
Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme
Configuration Examples for Implementing NetFlow for IPv6
Configuring NetFlow in IPv6 Environments: Example
Feature Information for Implementing NetFlow for IPv6
Implementing NetFlow for IPv6
First Published: June 26, 2006Last Updated: August 21, 2007NetFlow for IPv6 provides basic NetFlow functionality for IPv6 without affecting IPv4 NetFlow performance.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Implementing NetFlow for IPv6" section or the "Start Here: Cisco IOS Software Release Specifics for IPv6 Features" document.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for Implementing NetFlow for IPv6
•
•
•
•
Prerequisites for Implementing NetFlow for IPv6
This document assumes that you are familiar with IPv4. Refer to the publications referenced in the "Additional References" section for IPv4 configuration and command reference information.
Information About Implementing NetFlow for IPv6
To configure NetFlow for IPv6 for Cisco IOS software, you should understand the following concept:
•
NetFlow for IPv6 Environments
NetFlow for IPv6 is based on NetFlow Version 9 and functions by identifying packet flows for ingress IP and IPv6 packets. NetFlow enables you to collect traffic flow statistics on your routing devices and analyze traffic patterns, which are used to detect DoS attacks. It does not involve any connection-setup protocol between routers or to any other networking device or end station and does not require any change externally—either to the traffic or packets themselves or to any other networking device.
NetFlow is completely transparent to the existing network, including end stations and application software and network devices such as LAN switches. Also, NetFlow is performed independently on each internetworking device; it need not be operational on each router in the network. You can use NetFlow Data Export (NDE) to export data to a remote workstation for data collection and further processing. Network planners can selectively invoke NDE on a router or on a per-subinterface basis to gain traffic performance, control, or accounting benefits in specific network locations. NetFlow collects accounting information for IPv6 encapsulation and tunnels. If NetFlow capture is configured on a logical interface, IPv6 flows will be reported with that interface as the input or output interface, depending on whether the feature has been activated on the ingress or egress port.
How to Implement NetFlow for IPv6
To configure NetFlow, you must define the exporting scheme that will be used to export NetFlow statistics, configure the NetFlow cache, and configure NetFlow on the interfaces from which statistics will be gathered. The tasks required to complete perform these functions are described in the following sections:
•
•
•
Exporting NetFlow Statistics
This task describes how to define the exporting scheme that will be used to gather NetFlow statistics.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Customizing the NetFlow Cache
Several options are available for configuring and customizing the NetFlow cache:
•
•
•
These options are described in the following optional task:
•
Customizing the NetFlow Cache
Normally the size of the NetFlow cache will meet your needs. However, you can increase or decrease the number of entries maintained in the cache to meet the needs of your NetFlow traffic rates. The default is 64K flow cache entries. Each cache entry requires about 64 bytes of storage. Assuming a cache with the default number of entries, about 4 MB of DRAM would be required. Each time a new flow is taken from the free flow queue, the number of free flows is checked. If only a few free flows remain, NetFlow attempts to age 30 flows using an accelerated timeout. If only 1 free flow remains, NetFlow automatically ages 30 flows regardless of their age. The intent is to ensure that free flow entries are always available.
Caution
The following task describes how to customize the number of entries in the NetFlow cache.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Managing NetFlow Statistics
You can display and clear NetFlow statistics. NetFlow statistics consist of IP packet size distribution, IP flow cache information, and flow information such as the protocol, total flow, and flows per second. The resulting information can be used to determine information about your router traffic.
The following task describes how to manage NetFlow statistics. Use these commands as needed for verification of configuration.
SUMMARY STEPS
1.
1.
2.
DETAILED STEPS
Configuring an Aggregation Cache
The following task describes how to configure an aggregation cache for NetFlow.
Prerequisites
To configure an aggregation cache, you must enter aggregation cache configuration mode, and you must decide which type of aggregation scheme you want to configure: Autonomous System, Destination Prefix, Prefix, Protocol Prefix, or Source Prefix aggregation cache. Once you define the aggregation scheme, the following task lets you define the operational parameters for that scheme.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Configuring a NetFlow Minimum Prefix Mask for Router-Based Aggregation
To configure the NetFlow Minimum Prefix Mask for Router-Based Aggregation feature, perform the tasks described in the following sections. Each task is optional.
•
•
•
Configuring the Minimum Mask of a Prefix Aggregation Scheme
The following task describes how to configure the minimum mask of a prefix aggregation scheme.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Configuring the Minimum Mask of a Destination-Prefix Aggregation Scheme
The following task describes how to configure the minimum mask of a destination-prefix aggregation scheme.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme
The following task describes how to configure the minimum mask of a source-prefix aggregation scheme.
Note
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Configuration Examples for Implementing NetFlow for IPv6
The section provides the following configuration example:
•
Configuring NetFlow in IPv6 Environments: Example
If you configure the ipv6 flow ingress command on a few selected subinterfaces and then configure the ip route-cache flow command on the main interface, enabling the main interface will overwrite the ip flow ingress command and data collection will start from the main interface and from all the subinterfaces. In a scenario where you configure the ipv6 flow ingress command and then configure the ip route-cache flow command on the main interface, you can restore subinterface data collection by using the no ip route-cache flow command. This configuration will disable data collection from the main interface and restore data collection to the subinterfaces you originally configured with the ipv6 flow ingress command.
The following example shows how to configure NetFlow on Fast Ethernet subinterface 6/3.0:
Router(config)# interface FastEthernet6/3.0Router(config-subif)# ipv6 flow ingressThe following example shows the configuration for a loopback source interface. The loopback interface has the IPv6 address 2001:0DB8:1:1:FFFF:FFFF:FFFF:FFFE/64 and is used by the serial interface in slot 5, port 0.
Router# configure terminalRouter(config)# interface loopback 0Router(config-if)# ipv6 address 2001:0DB8:1:1:FFFF:FFFF:FFFF:FFFE/64Router(config-if)# exitRouter(config)# interface serial 5/0:0Router(config-if)# ip unnumbered loopback0Router(config-if)# encapsulation pppRouter(config-if)# ipv6 flow cacheRouter(config-if)# exitRouter(config)# ipv6 flow-export source loopback 0Router(config)# exitThe following example shows a router configured to capture the first 64 bits of the source address for packets entering this interface:
Router(config)# interface FastEthernet 6/3.0Router(config-subif)# ipv6 flow mask source maximum 64Where to Go Next
If you want to implement IPv6 routing protocols, refer to the Implementing RIP for IPv6, Implementing IS-IS for IPv6, or Implementing Multiprotocol BGP for IPv6 modules.
Additional References
The following sections provide references related to the Implementing NetFlow for IPv6 feature.
Related Documents
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
—
Technical Assistance
Feature Information for Implementing NetFlow for IPv6
Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.3(7)T or a later release appear in the table.
For information on a feature in this technology that is not documented here, see "Start Here: Cisco IOS Software Release Specifies for IPv6 Features."
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 1 Feature Information for NetFlow for IPv6
IPv6: NetFlow for IPv6 unicast traffic
12.2(33)
SXH, 12.3(7)T, 12.4, 12.4(2)TNetFlow enables you to collect traffic flow statistics on your routing devices and analyze traffic patterns, which are used to detect DoS attacks.
The following sections provide information about this feature:
•
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.
